Enhanced Anti-Spoofing Policies Coming to Office 365 Customers

Written by Dan Callahan

I'm the VP of Global Services at CGNET. I manage our Cybersecurity and Cloud Services businesses. I also provide consulting and handle a lot of project management. I wear a lot of hats. Professionally, I'm a builder of businesses. Outside of work, I'm a hobby farmer, chef, skier, dog walker, jokester, woodworker, structuralist, husband and father.



Cyber Security



August 17, 2018

When There’s Less Than Meets the Eye

Enhanced Anti-Spoofing Policies Coming to All Office 365 Customers

Contents

If you thought anti-spoofing was good and phishing was bad, you were correct.

53% of companies responding to Wombat’s 2018 State of the Phish survey said they had experienced more sophisticated phishing attacks in 2017.
Symantec reported that by the end of 2017 email users were receiving an average of 16 malicious emails per month.

So, it’s great news that Microsoft is making its anti-spoofing functionality available to all Office 365 customers. This functionality had previously been available only to Advanced Threat Protection subscribers. Now, it will now be available to everyone beginning in September. And it will be on by default. Update your To-Do list the decide how you want to manage your anti-spoofing policies.

When SPF, DKIM and DMARC Aren’t Enough

“Wait!” you say. “I thought that’s what SPF, DKIM and DMARC were for.” (Go here if these acronyms mean nothing to you.) It’s true that these email sender authentication standards exist to give organizations a way to confirm that their email domains are legitimate. But because these email records aren’t required to be set up, over 90% of email domains don’t use them. What’s more, SPF and DKIM records can be created for one domain and associated with another, spoofed, domain.

Using Behavior to Determine Authenticity

The authenticity of an email message often cannot be determined based on the available records. In response, Microsoft has used pattern matching and sender reputation to infer the authenticity of a message, so that appropriate action could be taken.

Get More Information

We don’t want to put everyone to sleep by going over all the anti-spoofing options here. But there’s a nice article from Microsoft that describes the what, why and how of anti-spoofing and related policies. You can find that here. You’ll especially want to review the article if you’re using anti-spoofing services through another provider such as Symantec.

If you want to learn more about how Microsoft’s anti-spoofing works, here’s a nice article you can read.

Rollout Timing

Microsoft reports that policy tools will be available after September 1^st. Anti-spoofing will be rolled out to customers beginning September 21^st. That gives you three weeks to decide on your anti-spoofing policies and put them in place.